CVE-2008-4546 - Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al

CVE-2008-4546

Summary

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

References

Vulnerable Configurations

cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-10-2018 - 20:52)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-02-04T04:01:03.275-05:00

class

vulnerability

contributors

name	Shane Shaffer
organization	G2, Inc.

definition_extensions

comment Adobe Flash Player is Installed
oval oval:org.mitre.oval:def:12319
comment Adobe Flash Player 10 is Installed
oval oval:org.mitre.oval:def:12412
comment Adobe AIR is installed
oval oval:org.mitre.oval:def:15988

description

family

macos

oval:org.mitre.oval:def:16302

status

accepted

submitted

2012-12-20T15:35:55.661-05:00

title

Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability

version

accepted

2015-08-03T04:02:03.279-04:00

class

vulnerability

contributors

name J. Daniel Brown
organization DTCC
name Preeti Subramanian
organization SecPod Technologies
name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Adobe AIR is installed
oval oval:org.mitre.oval:def:7479
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player 10 is installed
oval oval:org.mitre.oval:def:7610
comment ActiveX Control is installed
oval oval:org.mitre.oval:def:26707

description

family

windows

oval:org.mitre.oval:def:7187

status

accepted

submitted

2010-06-11T17:30:00.000-05:00

title

Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability

version

redhat via4

advisories

rhsa
id RHSA-2010:0464
rhsa
id RHSA-2010:0470

rpms

flash-plugin-0:10.1-2.el5
flash-plugin-0:9.0.277.0-1.el3.with.oss
flash-plugin-0:9.0.277.0-1.el4

refmap via4

apple	APPLE-SA-2010-11-10-1
bid	31537
bugtraq	20081002 Adobe Flash Player plug-in null pointer dereference and browser crash
cert	TA10-162A
confirm	http://support.apple.com/kb/HT4435 http://www.adobe.com/support/security/bulletins/apsb10-14.html
gentoo	GLSA-201101-09
hp	HPSBMA02547 SSRT100179
misc	http://www.mochimedia.com/~matthew/flashcrash/
sectrack	1024085 1024086
secunia	32759 40545 43026
sreason	4401
suse	SUSE-SA:2010:024 SUSE-SR:2008:025 SUSE-SR:2010:013
turbo	TLSA-2010-19
vupen	ADV-2010-1421 ADV-2010-1432 ADV-2010-1434 ADV-2010-1453 ADV-2010-1482 ADV-2010-1522 ADV-2010-1793 ADV-2011-0192
xf	adobe-flash-version-dos(45630)

Last major update

11-10-2018 - 20:52

Published

14-10-2008 - 15:28

Last modified

11-10-2018 - 20:52